Enroll, a tool to reverse-engineer servers into Ansible config mgmt
#HackerNews #Enroll #Ansible #reverse-engineer #config #management #servers #tech #tools
New blog post: Managing FreeBSD Jails with Ansible.
I wrote jailexec - an Ansible connection plugin that lets you manage FreeBSD jails without running SSH inside each one. It connects to the jail host via SSH and uses jexec to run commands, just like you would manually.
Features:
• Single Python file, easy install
• Supports doas and sudo
• Secure two-stage file transfers
• Works with any jail manager
Blog: https://blog.hofstede.it/managing-freebsd-jails-with-ansible-the-jailexec-connection-plugin/
Wow, the Ansible connection plugin "jailexec.py" that I created this year, which can be used to automate FreeBSD jails without SSH (via jexec), got used in an example git repository from the @FreeBSDFoundation 😯
https://github.com/FreeBSDFoundation/blog/tree/main/easy-jail-setup/plugins/connection
I feel humbled.
jailexec.py: https://github.com/chofstede/ansible_jailexec/
Good news: Regarding the ongoing #AntiAntifa attacks by #debanking leftist solidarity projects in #Germany the Georg Elser Institute @gei emergency-published an #Ansible project that deploys a complete #Taler demo stack (exchange, merchant, WordPress shop) on #Ubuntu 24.04 (noble) to give *everybody* a jump start into the complexity of #GNUtaler.
We forked it for you on #Codeberg:
https://codeberg.org/taler-space/ansible-vps-setup
# Evolving Our Tor Relay Security Architecture
https://blog.emeraldonion.org/evolving-our-tor-relay-security-architecture
A new blog post where @alexhaydock goes into some detail showcasing our minimalistic @alpinelinux Tor relays architecture, a threat model, and including a link to our now-public open source "Emerald Relays" orchestration framework.
The past 6 months have proven its success, and now we look forward to phase 2 (read the post!), which we need your help in funding. Emerald Onion is a U.S. 501(c)(3) tax-deductible nonprofit, so please consider donating before 31 December! https://emeraldonion.org/donate/
#Tor #TorOps #Privacy #AntiCensorship #Anonymity #Ansible #Proxmox #Terraform #AMD #Epyc #SEVSNP #NonProfit #GivingTuesday
If you're a #PHP developer who uses #DDEV you might be interested in checking out what I've been up to making @codeenigma's ce-deploy (#Ansible stack for app deployment) work inside DDEV; both already support #drupal, #symfony, #wordpress, etc. It allows developers to test their server deployments locally, with the same tools as their server environments, before running them for real. 😎
Been fighting Debian #Trixie 13 for two days now. It seems to be impossible to auto mount an NFS4 share at boot. Manually it works fine.
Not even with `ro,auto,sync,default,hard,noatime,retrans=15,x-systemd.after=network-online.target,x-systemd.automount,x-systemd.requires=network-online.target,_netdev,clientaddr=192.0.2.13` in `fstab`.
This used to work in Debian #Bookworm 12, Ubuntu jammy (22) and noble (24).
Next attempt: `autofs` or directly in OCI container
Changed my strategy, due to a race condition between systemd mounting #NFS and #docker creating bind volumes.
Trying to mount NFS directly from within a container defined as a volume. Works when deployed with #ansible, but only during runtime. At boot, the container is started before the NFS volume is ready, causing the container to fail to start.
This issue is 100% reproducible and can be found online everywhere going back for years. No solution to be found.
#WTF
It's almost as if Puppet, Chef, and CFEngine had become rude words.
It started with some Docker containers on a Raspberry Pi, then it was two Pis… now I run a two-node K8s cluster on some Intel NUCs with dedicated/ext. failover DNS. What a rabbit hole 😅
On the other hand you gain such a huge amount of devops and infrastructure knowledge - for me it was worth putting in weeks of effort. And you have a resilient base for hosting your services that no one can just take away or up subscription pricing.
I am currently writing multiple posts about it. Will publish the first one soon.
Finally I found time to write down some insights into my #homelab, #selfhosting adventures and how I run things unconnected to big tech platforms.
A general insight can be found here: https://www.codedge.de/hlab/

If you want to read some technical details about some inner workings, follow my article series around my homelab here: https://www.codedge.de/tags/hlab/
I am going to write some more in-depth articles in the next couple of days.
NEW BLOGPOST!
The Onionspray Ansible role version 3 has just been released, and with it, I've put together this article about @torproject, online privacy, and related concepts. If you'd like to learn more about Tor onion services, and how you can easily deploy your own with Onionspray and Ansible, be sure to take a look!
https://zoug.fr/deploy-tor-onion-service-onionspray-ansible/
Feel free to leave a comment on it by replying to this post :)
Earlier this year, I developed "ansible_jailexec", a modern Ansible connection plugin that can manage FreeBSD Jails via jexec via the host (incl. transparent file copy into the jail's filesystem). All released under a BSD license.
That way, you can automate FreeBSD Jails via Ansible, even when they have no ssh or network connectivity.
On Codeberg: https://codeberg.org/Larvitz/ansible_jailexec
On GitHub: https://github.com/chofstede/ansible_jailexec/
The connection plugin comes as a single Python file (jailexec.py) and comes with unit tests and internal safety checks.
Maybe someone finds it useful.
Happy automating
🙂
#freebsd #ansible #automation #bsd #automation #opensource #foss #jails